| Age | Commit message (Collapse) | Author |
|---|
|
|
|
defined. Carrying on is pointless. And will currently cause a NULL
pointer deref anyway.
NULL deref found by mmcc@ and his friend clang.
ok deraadt@
|
|
will think the resulting file was got larger during compression.
|
|
stopping data in attached ones. So get rid of it and see how we get on
with just a high watermark on each pane.
|
|
|
|
On a real mailserver, it's too noisy and may be a privacy concern.
On a machine that's not a mailserver, it's pointless.
Besides, Theo points out that running subsystems that potentially
parse untrusted user data daily, at a predictable time, as root
is not a very good idea in the first place.
Suggested by millert@; gilles@ matthieu@ deraadt@ sthen@ agree
|
|
ddb(4) can now see static functions. That doesn't mean we should start
declaring functions as ``static'', however it helps for the few existing
exceptions.
ok deraadt@, kettenis@
|
|
merging (currently sshd_config, login.conf, pf.conf) to give some protection
against bad merges. feedback/ok ajacoutot@
|
|
is not intended and will behave unexpectedly if the address is
already used in another domain. It did not work anyway, as the PCB
ended in the wrong hash bucket after changing the rtable. Fail
with EBUSY if the socket is already bound and rehash the PCB if its
rtable changes.
input claudio@; OK mpi@
|
|
was added for all miniroots at the same time.
ok deraadt@ jsg@
|
|
ok deraadt@ jsg@
|
|
that is, for the index page, for the noresult page, and for the
result of an apropos(1) query with more than one page.
As noted by bentley@, when a manual page is displayed, it is more
important that people can quickly use the space bar for paging and
Ctrl-F for searching.
|
|
with Escape.
|
|
that a character is not printable, so return to ignoring such
characters.
|
|
runtime state is not serialized with the envelope, so add it to the imsg.
ok gilles@
|
|
and pretending the output succeeded. Packets are still dropped!
Idea from jsg@ following same change to bridge(4). ok mpi@
|
|
debug mode or when logging to a file or syslog.
bz#1988 ok dtucker
|
|
message more helpful by mentioning the group name.
Joint work with Richie at UStA dot de.
OK jmatthew@
|
|
people might get hurt when doing copy & paste.
Patch from Hiltjo Posthuma <hiltjo at codemadness dot org>.
OK florian@ jmc@
|
|
encouragement and reminders from jmc@
|
|
oversized timespecs should be clamped, not rejected.
ok millert
|
|
|
|
|
|
|
|
unused for now, but I plan to convert all programs in base to use it in
a future diff. /dev/bpf0 is for compatibility with existing binaries
and is to be removed after a transition period.
ok rpe krw, for the installer part
"Let's see it hit the tree." deraadt
|
|
Patch from Fabian dot Raetz at gmail dot com.
|
|
|
|
don't bother to keep trying to get a lease. It ain't gonna happen. Just
print and error message and exit.
|
|
certificate and private key at the same time.
|
|
additions and functionality changes.
|
|
and self-contained code, while preparing for the ability to handle
multiple keypairs. Also provide two additional functions that allow
a public certificate and private key to be set with a single function
call.
ok beck@
|
|
both configuration and contexts. This allows us to propagate errors that
occur during configuration, rather than either just failing with no reason
or delaying the failure until it can be propagated via the tls context.
Also provide a tls_config_error() function for retrieving the last error
from a tls_config *.
ok bcook@
|
|
Pointed out by David Carlier.
|
|
|
|
as reading passwords. allow ^C to break.
the pain was mine, the fix is miod's.
|
|
|
|
We use an atomic CMPXCHG on first 32 bits of the grant table entry
when revoking access to the memory page. Target domain ID field is
part of these 32 bits, thus shouldn't be masked out for comparison.
This appears to be the last piece of the QubesOS VM chaining puzzle;
tested by Marco Peereboom, thanks!
|
|
Rename the existing ChaCha20-Poly1305 cipher suites with an "-OLD" suffix,
effectively replaces the original Google implementation. We continue to
support both the IETF and Google versions, however the existing names
now refer to the ciphers from draft-ietf-tls-chacha20-poly1305-04.
Feedback from doug@
|
|
|
|
and replace with EVP_aead_chacha20_poly1305_ietf(). The IETF version will
become the standard version.
Discussed with many.
|
|
tb@ discovered that we were not following the 802.11-2012 standard correctly
for frames which fall within the range [winend, windend+winsize]. This could
cause valid frames to be dropped because we moved the window too far ahead.
with and ok tb@
|
|
with and ok tb@
|
|
to "jumps". Will be used soon by refined block ack window handling.
netstat needs to be recompiled.
With and ok tb@
|
|
|
|
pledge_namei_wlpath(). Call the wlpath check only at the end of namei
after the namei lookup would otherwise succeed.
2) Add support to namei to keep the path that was looked up, without the
symlinks in it, and use that path for whitelist path lookups. This
means that paths in pledge whitelists will need to always be the
real path to an intended file to whitelist, without symlinks. Any
symlinks to the "real" file will then be allowed
ok deraadt@ semarie@
|
|
-l" output when used on package files. OK espie@ deraadt@
|
|
match by configuration ID. This also prevents a memory leak when there are
multiple certificates specified for the same server.
ok beck@
|
|
counters that keep track of consecutive frames falling outside the window.
|
|
ok mpi@
|
|
ifconfig needs to be recompiled.
ok mpi@
|
